Counter-tech

SQL Injection Vulnerability in Google Lab Database System

AVIK
Voice of Greyhat

A SQL injection vulnerability in the Google Lab database system was found by Shadman Tanjim (Admin, Bangladesh Cyber Army). Here is the report submitted by Shadman to VOGH.

REPORT:-

A very big and critical vulnerability has been detected in the Google Lab system. The vendor has already been informed, but they did not take positive steps in this case, so this vulnerability is now exposed and open to the public. Now I will give details about the vulnerability in the Google Lab system.

The Google Lab website has a SQL injection vulnerability, and the dangerous thing is that this vulnerability is exploitable. We can get tables, columns and data. The Google Lab database has its own customized DB system. But the interesting thing is that their database system is similar to an MS Access database. In this case, MS Access SQL injection also works on the Google Lab database system. This vulnerability is 100% real, and now we can see it with our own eyes.

Now I will give you step-by-step proof of this vulnerability.

1. Website: www.googlelabs.com or labs.google.com

2. Vulnerability type: SQL Injection

3. Vulnerable url: http://www.googlelabs.com/?q=%27&apps=Search+Labs

4. Injection Area in Link:
http://www.googlelabs.com/?q=%27&apps=%Inject_Here%Search+Labs

Info:

6. Host IP: 209.85.175.141
7. Web Server: Google Frontend
8. Keyword Found: Fast
9. Injection type is Integer
10. Keyword corrected: Swirl

Let’s check exploiting this vulnerable link. Here I use 3 famous SQL injection tools.

They are:

1. Havij Advanced SQL Injection Tool

Website: http://itsecteam.com/en/projects/project1.htm

2. Safe3 SQL Injector v8.4

Website: http://www.safe3.com.cn/en/safe3si.htm

3. Pangolin SQL Injection Tool

Website: http://www.nosec-inc.com/en/

You can download the video of this vulnerability: VIDEO LINK

To download the full PDF report, click HERE

—————————————————————————————————————————
Original Source:

http://www.voiceofgreyhat.com/2011/06/sql-injection-vulnerability-in-google.html
